CVE-2020-15788

Name of the Vulnerable Software and Affected Versions Polarion Subversion Webclient (All versions)

Description A security issue has been identified where the Polarion subversion web application fails to properly filter user input, allowing for Cross-Site Scripting attacks. If a user is tricked into providing specially crafted, malicious input to the web client, such as by clicking on a malicious URL containing embedded JavaScript, then JavaScript code can be returned and potentially executed by the user's client. This could trigger various malicious actions.

Recommendations For all versions, consider implementing proper input validation and filtering to prevent malicious input from being executed. As a temporary workaround, restrict access to the web client to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.